Georgia Tech Stung With 1.3 Million Person Data Breach

Georgia Tech is reporting that it suffered a data breach when a Georgia Institute of Technology web app exposed the information on 1.3 million current and former students, student applicants along with staff members.

The incident was discovered in late March, the school stated
adding the breach is being investigated by the Georgia Tech cybersecurity team
to determine the extent of the damage, but early indications are the
compromised information could include names, addresses, Social Security numbers
and birth dates

“The U.S. Department of Education and University System of
Georgia have been notified, and those whose data was exposed will be contacted
as soon as possible regarding available credit monitoring services,” the school
said.

This is the second data breach the Yellow Jackets have have
endured. In 2018 8,000 students were affected when there information was
accidentally emailed to the wrong person.

Over the last several years Georgia has become a cybersecurity hub. In January 2017 Georgia Gov. Nathan Deal announced the state would invest $60 million for a cyber range and training facility named the Hull McKnight Georgia Cyber Innovation and Training Center at the school’s Augusta University Riverfront Campus that will combine expertise in academia, private industry and government to establish statewide cybersecurity standards. The center is located very close to the U.S. Army Cyber Command, the US Army Cyber Center of Excellence and the National Security Agency at Fort Gordon, Ga.

This fact was not lost on Dan Tuchler, CMO at SecurityFirst.

“How ironic that a university with a high ranking in
computer science, which offers courses in cybersecurity, got hacked. This in a
state which has had privacy regulations in place – the Georgia Personal
Identity Protection Act – since 2007. This is a clear example of the need for
encryption of personal data. Hackers always find a way in and they need to be
stopped before they get the personal data,” Tuchler said.

The school gave no details on the web application at the
center of the breach, but industry experts told SC Media the amount and type of
information a large institution like Georgia Tech maintains makes it imperative
that it maintain security.

“On Georgia Tech’s website, it boasts of 173 industry
collaborators and 62 U.S. patents issued in 2017 alone. If the university
doesn’t tighten its security controls, this kind of proprietary data is likely
to be placed at risk. This is particularly true now that organizations are
storing and sharing data in the cloud more than ever before,” said Anurag
Kahol, CTO at Bitglass.

Ben Goodman, VP of global strategy and innovation at
ForgeRock, believes the type of information that was likely removed by the
malicious actors will quickly make its way to markets on the dark web.

“Academic institutions are a growing target for attacks given
the personally identifiable information they collect for tens of thousands of
students, employees, donors and partners. This data will quickly make its way
to the dark web where it will be used for identity theft, synthetic identity
creation and robotic account takeovers,” he said.